EDITORIALHacking law changes welcome after prodigy's suicide

Hacking is a crime. But like stealing, there's a whole range of degrees, as any Silicon Valley geek can attest.

The worst hacking involves malevolent crimes such as identity theft, credit card fraud and large-scale disruption of legitimate business. Swartz's hacking was much more benign.

Advertisement

We'll never know what role the prospect of going to jail played in the tragic suicide last week of tech prodigy, Internet activist and Reddit co-founder Aaron Swartz. Regardless, a proposal to update computer hacking laws is a welcome attempt to clarify a portion of the Computer Fraud and Abuse Act that itself was being abused by Swartz's accusers.

Shame on the U.S. attorney for Massachusetts, Carmen Ortiz, for making it necessary.

Hacking is a crime. But like stealing, there's a whole range of degrees, as any computer geek can attest. The worst hacking involves malevolent crimes such as identity theft, credit card fraud and large-scale disruption of legitimate business. Swartz's hacking was much more benign.

The 26-year-old Brooklyn resident was charged with stealing millions of online documents from JSTOR, a subscription-based academic research service. It's clear he was motivated by his lifelong desire to make information available to everyone. No one believed he acted for personal gain; he easily could have paid for the material. He was making a point.

Swartz and JSTOR settled their civil case, but MIT, whose secure computer was used for the hacking, did not. That led to the prosecution.

Stealing is stealing, and Swartz deserved to be punished. But a 35-year prison sentence and a million-dollar fine? It was ridiculous, the modern equivalent of Jean Valjean being sentenced to life in prison for stealing a loaf of bread in "Les Miserables." Swartz was guilty of trying to make documents free to the public that should have been free from the outset.

The tech community has known for some time that the scope of the 1986 Computer Fraud and Abuse Act is too broad. The bill drafted by Rep. Zoe Lofgren (D-Calif.), which she's calling "Aaron's Law," would differentiate between a federal data-theft crime and a terms-of-service violation. Swartz's breach of JSTOR's online service agreement was treated by prosecutors as an act of wire fraud.

Swartz was an idealist and one of the brightest thinkers in tech. At 14 he helped create the RSS file format that allows content to flow automatically to aggregators from frequently updated Web sites, such as newspapers'. He left Stanford after a year because he didn't find it "a very intellectual atmosphere." He later founded Demand Progress, a group of Internet activists with more than a million members.

Swartz's trial was still months away, and it's hard to imagine a 21st century judge would have imposed the medieval sentence prosecutors sought. Still, his partner and his father say he was depressed and exhausted from fighting the case. Whatever role that played in his suicide, it was an unnecessary burden. Lofgren's bill will restore a sense of proportion and humanity to the computer abuse law.